On 11/23/2018 03:44 AM, Andrew Zaborowski wrote:
Rewrite l_certchain_verify iterating over the certificates from root to
leaf using the double-linked list property and without using recursion to
simplify the logic. At the same time make sure that while we link new
certificates to the keyring we also unlink the old ones, those that have
been used to verify previous certificates. This should fix a long
standing issue where we didn't verify that each certificate in the chain
was trusted specifically by the immediately preceding one, only that it
was trusted by any CA whose certificate was already linked to keyring.
ell/cert.c | 207 ++++++++++++++++++++++++++++++-----------------------
1 file changed, 117 insertions(+), 90 deletions(-)
Patches 2, 4, 5 applied, thanks.
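
The difference the commit message describes, as an added example that is not part of the original mail or of ell's code: a toy model in which a "signature" is only the id of the signing key, with no real cryptography. The names toy_cert, verify_accumulating and verify_strict, and both sample chains, are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model (assumption): a "signature" is just the signer's key id. */
struct toy_cert {
	int key_id;	/* this certificate's own key */
	int signer_id;	/* key that signed this certificate */
};

/* Accumulating check: every key verified so far stays trusted. */
static bool verify_accumulating(const struct toy_cert *chain, size_t n, int ca_id)
{
	int trusted[16] = { ca_id };
	size_t n_trusted = 1, i, j;
	if (n >= 16)
		return false;
	for (i = 0; i < n; i++) {
		bool ok = false;
		for (j = 0; j < n_trusted; j++)
			if (chain[i].signer_id == trusted[j])
				ok = true;
		if (!ok)
			return false;
		trusted[n_trusted++] = chain[i].key_id;	/* link, never unlink */
	}
	return true;
}

/* Strict check: only the immediately preceding certificate is trusted. */
static bool verify_strict(const struct toy_cert *chain, size_t n, int ca_id)
{
	int trusted = ca_id;
	size_t i;
	for (i = 0; i < n; i++) {
		if (chain[i].signer_id != trusted)
			return false;
		trusted = chain[i].key_id;	/* link the new key, unlink the old */
	}
	return true;
}

/* Constructed chains, root to leaf; the trusted CA has key id 1. */
static const struct toy_cert good_chain[] = { {1, 1}, {2, 1}, {3, 2} };
static const struct toy_cert skip_chain[] = { {1, 1}, {2, 1}, {3, 1} };

int main(void)
{
	printf("skip_chain: accumulating=%d strict=%d\n",
	       verify_accumulating(skip_chain, 3, 1), verify_strict(skip_chain, 3, 1));
	return 0;
}
```

In skip_chain the leaf is signed by the root rather than by the intermediate that precedes it, so only the strict check rejects it.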